Regulation on the horizon for operational resilience

Typing operational resilience into Google will offer you a mere 103 million results. Many of these will undoubtedly find you reading about the UK authorities? consultation papers released on the topic back in December 2019. That suite of papers was welcome. Firms had long been aware of not only the commercial advantage of building resilient firms, but also the strategic imperative that a resilient system means for the entire economy.

In the lead up to the submission window of 1 October UK Finance worked hard with its members to identify areas where the proposals could be improved. With a deep pool of experience from which to draw, the diversity of our membership allowed us to consider each key expectation with the benefit of practical knowledge.

The proposals set out by the regulator are all achievable, but the way in which they will be implemented in practice required clarity. While we agree with the regulatory objective of building a more resilient system through more resilient firms, we believe that members need further definition in three main areas:

  1. Important business services - we know that individual firms are best placed to make judgements on important business services. The challenge is how different each of them are. Because not every important service has ?points of contact? with customers, firms need clarity. In addition, we ask that the final policy statement refines the definition of ?external end user? and we suggest that this is treated as a separate obligation.
  1. Impact tolerances - informed by robust and meaningful metrics, impact tolerances are vital to operational resilience. To help develop these tools, harmonisation of the definitions is needed as well as a recognition that applying multiple tolerances to dual-regulated firms may cause unnecessary complexities.
  1. Scenario testing ? testing against the assumption of failure will ensure that response and recovery actions work in all severe but plausible scenarios. We support prudent testing but ask that the expectations are proportionate. Ongoing guidance in this area will ensure that information sharing remains free-flowing and that all firms can benefit from the lessons learned.

With clarity in the policy statements, firms can confidently continue leveraging their existing frameworks to ensure they meet the requirements and continue to effectively build their operational resilience.

Please read our full response here, and contact our operational resilience team at UK Finance if you would like any further information. We look forward to supporting the work of the regulators and our members in this important area.



Digital Innovation Summit:  2-20 November - Free for members
Register now for the 2020 Digital Innovation Summit, UK Finance's flagship technology event with seven streams of content for members across Mortgages, Payments, Ethical AI, Economic Crime, Digital Strategy and more. 

Over three weeks a huge variety of content will be delivered via interactive debates, broadcasts, podcasts, lightning talks, videos, and interviews with senior decision makers. Every day, fresh content will be made available to delegates.

Register now and join the innovators and game changers that are reimagining financial services.



Area of expertise:

Digital Innovation Summit

The full agenda for the Summit is now available to download. Visit our event page to view.

View the agenda Read more